<!doctype html> <!--
This file makes localstorage accessible to swarmsim's other subdomains.
It's accessed from a hidden iframe, and is used to seamlessly transfers
player saves from the old coffeescript version to the new elm version.
This transfer is one-way - elm can read coffeescript saves, but
coffeescript cannot read elm saves.

This file exists in both codebases. It's deliberately a single file, no external
JS, to ease copying.
-->  localstorage.html <script> const validOrigins = [
    // Production. This is the subdomain where player saves live, and probably
    // where this iframe's hosted. This could be hosting either the coffeescript
    // codebase or the elm codebase, depending on how far along the release is.
    'https://www.swarmsim.com',
    // Always the elm codebase. Early opt-in beta testing.
    'https://elm.swarmsim.com',
    // Always the coffeescript codebase. Legacy opt-out play.
    'https://coffee.swarmsim.com',
    // Testing all this with a real server.
    'https://staging.swarmsim.com',
    // Elm dev server.
    'http://localhost:3000',
    'https://localhost:3001',
    // Coffeescript dev server.
    'http://localhost:9000',
    'https://localhost:9001',
  ]

  function log() {
    if (document.location.search == '?log') {
      console.log.apply(console, arguments)
    }
  }
  function warn() {
    if (document.location.search == '?log') {
      console.warn.apply(console, arguments)
    }
  }

  function onMessage(event) {
    if (!validOrigins.includes(event.origin)) {
      warn('localstorage.html: ignoring message from invalid origin', event.origin, event)
      return
    }
    log('localstorage.html: message', event.origin, event)
    if (event.data.type == 'get') {
      event.source.postMessage({
        type: 'get',
        key: event.data.key,
        value: localStorage.getItem(event.data.key),
      }, event.origin)
    }
  }
  window.addEventListener("message", onMessage, false)
  log('localstorage.html: ready', window.location.origin, window.parent.location)
  // It's safe to let a parent-frame from any origin know we're ready.
  // Security's much stricter in onMessage().
  window.parent.postMessage({type: 'ready'}, '*') </script> 